Posts Tagged: session-fixation
- Understanding CVE-2007-5380: Session Fixation via URL-Based Sessions in Early Rails
  An in-depth look at CVE-2007-5380, a session fixation vulnerability in early Ruby on Rails versions caused by URL-based session identifiers.
- CVE-2007-6077: Incomplete Fix for Rails Session Fixation
  An examination of CVE-2007-6077, where a flawed patch in Rails 1.2.4 failed to fully address session fixation due to mutable state in constants.